Bernd Jendrissek wrote:
If I may jump into the middle here... if, AFAICT, the purpose is to bind
a signature to a specific commit and no other, and also to the complete
file contents (figuring out $strings$ later), would it not be sufficient
to generate, say,
----- BEGIN PGP SIGNED MESSAGE -----
Comment: blah blah comments are untrusted
Repository revision: 1.5 /home/cvs/cvsroot/ifsf-sst/foo.c,v
#include <stdio.h>
int main()
{
    printf("hello, world!\n");
    return 0;
}
----- BEGIN PGP SIGNATURE -----
gobblegobblegobble=
----- END PGP SIGNATURE -----
(or its binary equivalent)
This does complicate things somewhat on the client side. Instead of
simply signing the file and creating a detached signature, the client
has to sign [header info]+[file].
No, wait, if an attacker has root access to the CVS server, revision
numbers become untrusted. Really all you're trying to achieve is to
identify the real culprit, so that Eve can't frame Alice.
I don't think it's possible to identify any culprits with 100%
certainty, except perhaps with a system that is designed from the ground
up with security in mind (CVS is at the opposite end of the security
spectrum - it was designed on the assumption that you can trust users
not to attack the system).
At this point, I don't think we're entirely clear on what we are trying
to achieve. It may be helpful to list the specific attacks we are trying
to protect against. Some of the attacks have been discussed in threads
on this list, but it would be nice to have it all collated in one place.
I think we're simply focusing on being able to detect, and if possible
prevent, tampering with the repository after the commit. That's a lot
easier than determining who actually performed the attack.
How about signing the previous signature?
----- BEGIN PGP SIGNED MESSAGE -----
Comment: blah blah comments are untrusted
Repository revision: 1.5 /home/cvs/cvsroot/ifsf-sst/foo.c,v
Chained signature:
ICAgaGVsbG93b3JsZHRoaXNpc3NvbWViYXNlNjRlbmNvZGVkMTdpc3RoZWZpcnN0dHJ1bHly
YW5kb21udW1iZXJkYXRhZnJvbWFsaWNlc2RldmVsb3BtZW50cGMK
#include <stdio.h>
int main()
{
    printf("hello, world!\n");
    return 0;
}
----- BEGIN PGP SIGNATURE -----
gobblegobblegobble=
----- END PGP SIGNATURE -----
(again, or its binary equivalent)
And what if the previous signature is invalid, or discovered to be from
a compromised key? The chain is broken, and Alice has no leg to stand
on. Signing the delta makes each commit atomic, with no dependencies on
the validity of previous versions. In effect, Alice says "These are the
specific changes I made, and this is the result."
That way Alice's good-faith commit of a backdoor introduced by Eve will
show up Eve's later fudging of the repository to make it look as if Eve
(who has Bob's compromised key) committed good code and Alice added the
evil code. Okay, you can't necessarily prove that *Eve* did it, but
you'll be able to prove Alice's innocence when you need to.
Are the GPG folk listening in on this convo? Are there discussions on
sci.crypt or comp.software.config-mgmt that I can follow?
Not that I'm aware of. Is it worth cross-posting this discussion to one
of these forums?
--
Jim
_______________________________________________
Bug-cvs mailing list
http://lists.nongnu.org/mailman/listinfo/bug-cvs
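
Added example, not part of the original thread: a Python sketch comparing the two schemes discussed above, a chained signature versus an atomic signature over [header info] + delta + result. HMAC-SHA256 with constructed keys stands in for PGP signatures, and revision 1.4, the deltas and all helper names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo keys; HMAC-SHA256 stands in for a PGP signature (assumption).
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}

def fields_of(c, prev_sig):
    # Signed data: header info (path, revision) + delta + hash of the result,
    # plus the previous signature when the commit is chained.
    f = [c["path"].encode(), c["rev"].encode(), c["delta"],
         hashlib.sha256(c["result"]).digest()]
    return f + [prev_sig.encode()] if c["chained"] else f

def sign(signer, fields):
    # Length-prefix every field so header and content cannot run together.
    msg = b"".join(len(x).to_bytes(8, "big") + x for x in fields)
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()

def commit(signer, path, rev, delta, result, prev_sig=None):
    c = {"signer": signer, "path": path, "rev": rev, "delta": delta,
         "result": result, "chained": prev_sig is not None}
    c["sig"] = sign(signer, fields_of(c, prev_sig))
    return c

def trusted_revisions(history, revoked=frozenset()):
    # Revisions a verifier can still rely on, given a set of revoked signers.
    trusted, prev_sig, chain_intact = [], "", True
    for c in history:
        good = hmac.compare_digest(c["sig"], sign(c["signer"], fields_of(c, prev_sig)))
        ok = good and c["signer"] not in revoked
        if c["chained"]:
            # A chained signature is only as good as every link before it.
            chain_intact = chain_intact and ok
            ok = chain_intact
        if ok:
            trusted.append(c["rev"])
        prev_sig = c["sig"]
    return trusted

def build(chained):
    # Constructed two-commit history for the file named in the thread.
    path, hist, prev = "/home/cvs/cvsroot/ifsf-sst/foo.c,v", [], ""
    for signer, rev, delta, result in [("bob", "1.4", b"+a\n", b"a\n"),
                                       ("alice", "1.5", b"+b\n", b"a\nb\n")]:
        hist.append(commit(signer, path, rev, delta, result, prev if chained else None))
        prev = hist[-1]["sig"]
    return hist
```

With Bob's key revoked, the chained history leaves Alice's revision 1.5 unverifiable, while the atomic history still vouches for it.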